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CLAIMS 

1-27. (Canceled) 

28. (Currently Amended) A machine-implemented method, comprising: 

establishing, within a global operating system environment provided by a kernel 
instance, a first non-global zone which serves as a first virtual platform for supporting and 
isolating user processes, wherein the first non-globd zone has a first zone identifier 
associated therewith, and wherein the first non-global zone is established £ind exists without 
requiring any user processes to be running therein; 

establishing, within said global operating system environment, a second non-global 
zone which serves as a second virtud platform for supporting £ind isolating user processes, 
wherein the second non-global zone has a second zone identifier associated therewith, and 
wherein the second non-global zone is established and exists without requiring any user 
processes to be running therein; 

executing a first set of one or more user processes within the first non-global zone[[,]] 
wherein each uner process in the first set of user processes has the first zone identifier 
associated therewith ; 

executing a second set of one or more user processes within the second non-global 
zone[[,]] wherein each user process in the second set of user processes has the second zone 
identifier associated therewith ; and 

isolating the first set of one or more user processes within the first non-global zone 
and the second set of one or more user processes within the second non-global zone such that 
the first set of one or more user processes cannot access processes in the second non-global 
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zone and the second set of one or more user processes cannot access processes in the first 
non-global zone. 

29. (Previously Presented) The method of cMm 28, wherein the kernel instance provides 
services that are invoked by the first set of user processes, and wherein the services are 
invoked by the first set of user processes through the first virtud platform. 

30-31. Canceled 

32. (Currently Amended) The method of cMm 28, 

wherein a first set of resources are associated with the first non-globd zone and a 
second set of resources are associated with the second non-global zone; 

wherein the first set of resources are accessed by the first set of one or more user 
processes through the first virtud platform £ind the second set of resources are accessed by 
the second set of one or more user processes through the second virtual platfomi; and 

wherein the first set of resources and the second set of resources each include one or 
more resources from the group consisting of a network interface, a communications interface, 
a file system, a system console, a DASD address, and an operating system service process. 

33. (Previously Presented) The method of claim 32, wherein isolating the first set of user 
processes within the first non-global zone and the second set of user processes within the 
second non-global zone further comprises: 
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preventing the first set of user processes from accessing the second set of resources 
associated with the second non-global zone; and 

preventing the second set of user processes from accessing the first set of resources 
associated with the first non-globd zone. 

34. (Previously Presented) The method of cMm 32, wherein executing the first set of 
user processes within the first non-global zone causes a first application environment to be 
established within the first non-global zone, and wherein the method further comprises: 

receiving a command to halt the first non-global zone; 

in response to the command to halt the first non-globd zone: 

terminating all user processes executing within the first non-global zone, 

thereby terminating the first application environment; and 
disassociating the first set of resources from the first non-global zone; 
wherein the second non-globd zone is not ziffected by the commzind to hdlt the first 
non-global zone. 

35. (Previously Presented) The method of claim 32, wherein executing the first set of 
user processes within the first non-globd zone causes a first application environment to be 
established within the first non-global zone, and wherein the method further comprises: 

receiving a command to halt the first non-global zone; 

in response to the command to halt the first non-global zone: 

terminating all user processes executing within the first non-global zone, 
thereby terminating the first application environment; and 
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performing one or more tasks from the group consisting of stopping a 

scheduler process, unmounting one or more file systems, closing one 
or more network interfaces, and removing configurations for devices 
associated with the first non-globd zone; 
wherein the second non-global zone is not affected by the command to halt the first 
non-global zone. 

36. (Previously Presented) The method of claim 28, further comprising: 

allowing a first administrator to manage processes and resources within the first non- 
global zone, wherein the first administrator is not dlowed to mzinage processes £ind resources 
within the second non-global zone; and 

allowing a second administrator to manage processes and resources within the second 
non-global zone, wherein the second administrator is not allowed to manage processes and 
resources within the first non-globd zone. 

37. (Previously Presented) The method of claim 28, wherein establishing the first non- 
global zone comprises: 

accessing configuration information associated with the first non-global zone; 
installing files and directories necessary for the first non-global zone to function; and 
readying the first non-global zone by performing one or more tasks from the group 
consisting of assigning the first zone identifier, starting a scheduler process, establishing one 
or more network interfaces, mounting one or more file systems, initializing a system console, 
and configuring one or more devices; 

5 

SUN 030243-US-NP 



Docket No. 15437-0592 



wherein readying the first non-global zone does not include executing user processes 
within the first non-global zone. 

38. (Currently Amended) The method of cMm 37, wherein the configuration 
information comprises one or more parameters from the group consisting of a zone name, a 
path to a root directory for the first non-globd zone, specification of one or more file systems 
to be mounted when the first non-global zone is readied created , specification of one or more 
network interfaces, specification of one or more devices to be configured when the first non- 
global zone is readied created, and specification of resource controls to be imposed on the 
first non-glob£il zone. 

39. (Currently Amended) The method of claim 28, wherein executing the first set of one 
or more user processes within the first non-global zone comprises: 

executing an initializer initizilization process; £ind 

initializing, by the initializer initialization process, execution of the first set of one or 
more user processes. 

40. (Currently Amended) A machine-readable storage medium storing one or more sets 
of instructions which, when executed by one or more processors, cause the one or more 
processors to perform the steps of: 

establishing, within a global operating system environment provided by a kernel 
instance, a first non-globd zone which serves as a first virtual platform for supporting and 
isolating user processes, wherein the first non-global zone has a first zone identifier 
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associated therewith, and wherein the first non-global zone is established and exists without 
requiring any user processes to be running therein; 

establishing, within said global operating system environment, a second non-global 
zone which serves as a second virtual platform for supporting and isolating user processes, 
wherein the second non-global zone has a second zone identifier associated therewith, and 
wherein the second non-global zone is established £ind exists without requiring £iny user 
processes to be running therein; 

executing a first set of one or more user processes within the first non-global zone[[,]] 
wherein each user process in the first set of user processes has the first zone identifier 
associated therewith ; 

executing a second set of one or more user processes within the second non-global 
zone[[,]] wherein each user process in the second set of utier pwcess&s has the second zone 
identifier associated therewith ; and 

isolating the first set of one or more user processes within the first non-global zone 
and the second set of one or more user processes within the second non-global zone such that 
the first set of one or more user processes cannot access processes in the second non-global 
zone and the second set of one or more user processes cannot access processes in the first 
non-global zone. 

41. (Previously Presented) The machine-readable storage medium of claim 40, wherein 
the kernel instance provides services that are invoked by the first set of user processes, and 
wherein the services are invoked by the first set of user processes through the first virtual 
platform. 
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42-43. Canceled 

44. (Currently Amended) The machine-readable storage medium of cMm 40, 
wherein a first set of resources are associated with the first non-global zone and a 

second set of resources Eire associated with the second non-global zone; 

wherein the first set of resources are accessed by the first set of one or more user 
processes through the first virtual platform and the second set of resources are accessed by 
the second set of one or more user processes through the second virtual platform; and 

wherein the first set of resources £ind the second set of resources each include one or 
more resources from the group consisting of a network interface, a communications interface, 
a file system, a system console, a DASD address, and an operating system service process. 

45. (Previously Presented) The machine-readable storage medium of cMm 44, wherein 
isolating the first set of user processes within the first non-global zone and the second set of 
user processes within the second non-global zone further comprises: 

preventing the first set of user processes from accessing the second set of resources 
associated with the second non-globd zone; £ind 

preventing the second set of user processes from accessing the first set of resources 
associated with the first non-global zone. 

46. (Previously Presented) The machine-readable storage medium of claim 44, wherein 
executing the first set of user processes within the first non-global zone causes a first 
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application environment to be established within the first non-global zone, and wherein the 
machine-readable storage medium further stores one or more sets of instructions for causing 
the one or more processors to perform the steps of: 

receiving a command to halt the first non-global zone; 

in response to the command to halt the first non-global zone: 

terminating £ill user processes executing within the first non-global zone, 

thereby terminating the first application environment; and 
disassociating the first set of resources from the first non-global zone; 
wherein the second non-global zone is not affected by the command to halt the first 
non-global zone. 

47. (Previously Presented) The machine-readable storage medium of claim 44, wherein 
executing the first set of user processes within the first non-global zone causes a first 
application environment to be established within the first non-globd zone, £ind wherein the 
machine readable stoi age medium further stores one or more sets of instructions for causing 
the one or more processors to perform the steps of: 

receiving a command to halt the first non-global zone; 

in response to the command to halt the first non-globd zone: 

terminating all user processes executing within the first non-global zone, 

thereby terminating the first application environment; and 
performing one or more tasks from the group consisting of stopping a 

scheduler process, unmounting one or more file systems, closing one 
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or more network interfaces, and removing configurations for devices 
associated with the first non-global zone; 
wherein the second non-global zone is not affected by the command to halt the first 
non-global zone. 

48. (Previously Presented) The machine-readable storage medium of cMm 40, wherein 
the machine-readable storage medium further stores one or more sets of instructions for 
causing the one or more processors to perform the steps of: 

allowing a first administrator to manage processes and resources within the first non- 
global zone, wherein the first administrator is not dlowed to mzinage processes £ind resources 
within the second non-global zone; and 

allowing a second administrator to manage processes and resources within the second 
non-global zone, wherein the second administrator is not allowed to manage processes and 
resources within the first non-globd zone. 

49. (Previously Presented) The machine-readable storage medium of claim 40, wherein 
establishing the first non-global zone comprises: 

accessing configuration information associated with the first non-global zone; 
installing files and directories necessary for the first non-global zone to function; and 
readying the first non-global zone by performing one or more tasks from the group 
consisting of assigning the first zone identifier, starting a scheduler process, establishing one 
or more network interfaces, mounting one or more file systems, initializing a system console, 
and configuring one or more devices; 
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wherein readying the first non-global zone does not include executing user processes 
within the first non-global zone. 

50. (Currently Amended) The machine-readable storage medium of cMm 49, wherein 
the configuration information comprises one or more parameters from the group consisting of 
a zone name, a path to a root directory for the first non-globd zone, specification of one or 
more file systems to be mounted when the first non-global zone is readied created , 
specification of one or more network interfaces, specification of one or more devices to be 
configured when the first non-global zone is readied created, and specification of resource 
controls to be imposed on the first non-globd zone. 

51. (Previously Presented) The machine-readable storage medium of claim 40, wherein 
executing the first set of user processes within the first non-global zone comprises: 

executing an initizilizer process; £ind 

initializing, by the initializer process, execution of the first set of user processes. 

52. (Currently Amended) An apparatus comprising: 

mezins for establishing, within a globd operating system environment provided by a 
kernel instance, a first non-global zone which sei-ves as a first virtual platform for supporting 
and isolating user processes, wherein the first non-global zone has a first zone identifier 
associated therewith, and wherein the first non-global zone is established and exists without 
requiring any user processes to be running therein; 
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means for establishing, within said global operating system environment, a second 
non-global zone which serves as a second virtual platform for supporting and isolating user 
processes, wherein the second non-global zone has a second zone identifier associated 
therewith, and wherein the second non-globd zone is established £ind exists without requiring 
any user processes to be running therein; 

mezins for executing a first set of one or more user processes within the first non- 
global zone[[,]] wherein each user process in the first set of user processes has the first zone 
identifier associated therewith ; 

means for executing a second set of one or more user processes within the second 
non-global zone[[,]] wherein each user process in the second set of user processes has the 
second zone identifier associated therewith ; and 

means for isolating the first set of one or more user processes within the first non- 
global zone and the second set of one or more user processes within the second non-global 
zone such that the first set of one or more user processes czinnot access processes in the 
second non-global zone and the second set of one or more user processes cannot access 
processes in the first non-global zone. 

53-54. Canceled 
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